1 Reply Latest reply on Apr 5, 2017 6:46 PM by Andrea Valle

    Timestamp always uses SHA1 for hash algorithm and ignores HashAlgo settings

    hankih19193697 Level 1

      After SHAttered we are attempting to change the default hash algorithm for timestamps in Adobe Reader DC 2015.020.20042 from SHA1 to SHA256.

      All attempts to override the default setting have failed and the resulting hash for the timestamp signature as displayed in Signature Properties, Advanced Properties is always SHA1.

      I've used the following registry settings according to the documentation in HKCU\Software\Adobe\Acrobat Reader\DC\Security\cASPKI\cAdobe_TSPProvider with several different timestamp servers:

      sHashAlgo

      iHashAlgo

      If I set an invalid value, Acrobat displays an error message "Unsupported hash algorithm", which indicates that the settings are being read.

      Appreciate any help,

      Nick

        • 1. Re: Timestamp always uses SHA1 for hash algorithm and ignores HashAlgo settings
          Andrea Valle Adobe Employee

          Hi Nick,

          Adobe Acrobat already adopts SHA256 as the default hash algorithm for both regular digital signatures and timestamp signatures, including Document timestamp (e.g. according to ETSI EN 319 142-1 §5.4.3 and ETSI TS 119 142-3).

          Also other hash algorithms can be set by means of registry settings using the sHashAlgo key.

          There is currently an issue with the user interface which always shows SHA1 being used although it is actually SHA256 or another algorithm. You may be able to verify this by analyzing the CMS package that is inside the signed or timestamped PDF file.

          We are sorry for this issue, which we are going to fix in our next possible release.

          Regards

          Andrea Valle

          Sr. Product Manager, Adobe Document Cloud
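
One way to run the check suggested in the reply above, as an added example that is not part of the thread and not Adobe code: it pulls each `/Contents <hex>` signature blob out of a PDF and lists the digest-algorithm OIDs in its CMS structure, marking those found inside an encapsulated OCTET STRING, which is where an RFC 3161 TSTInfo and its messageImprint sit. It assumes definite-length DER with single-byte tags; the function names are illustrative.

```python
import re

# DER content bytes of the digest algorithm OIDs to look for.
HASH_OIDS = {
    bytes.fromhex("2b0e03021a"): "SHA-1",            # 1.3.14.3.2.26
    bytes.fromhex("608648016503040201"): "SHA-256",  # 2.16.840.1.101.3.4.2.1
    bytes.fromhex("608648016503040202"): "SHA-384",  # 2.16.840.1.101.3.4.2.2
    bytes.fromhex("608648016503040203"): "SHA-512",  # 2.16.840.1.101.3.4.2.3
}

def read_tlv(der, pos):
    """Decode one definite-length DER element; return (tag, body, next_pos)."""
    tag, length = der[pos], der[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the size of the length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled")
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    if pos + length > len(der):
        raise ValueError("truncated element")
    return tag, der[pos:pos + length], pos + length

def walk(der, encapsulated=False):
    """Yield (hash_name, encapsulated) for each known digest OID in a DER blob."""
    pos = 0
    while pos < len(der):
        tag, body, pos = read_tlv(der, pos)
        if tag == 0x06 and body in HASH_OIDS:
            yield HASH_OIDS[body], encapsulated
        elif tag & 0x20:                    # constructed: SEQUENCE, SET, [n]
            yield from walk(body, encapsulated)
        elif tag == 0x04 and body[:1] == b"\x30":
            try:                            # DER wrapped in an OCTET STRING, e.g. TSTInfo
                yield from list(walk(body, True))
            except (ValueError, IndexError):
                pass                        # opaque binary such as a signature value

def pdf_hash_algorithms(pdf_bytes):
    """One sorted list of (hash_name, encapsulated) per /Contents <hex> blob."""
    results = []
    for m in re.finditer(rb"/Contents\s*<([0-9A-Fa-f\s]+)>", pdf_bytes):
        blob = bytes.fromhex(m.group(1).decode())   # fromhex skips whitespace
        tag, body, _ = read_tlv(blob, 0)            # ignore zero padding after the CMS
        results.append(sorted(set(walk(body))))
    return results
```

Call `pdf_hash_algorithms(open(path, "rb").read())` on the signed or timestamped file. An entry such as `("SHA-256", True)` is a digest OID inside encapsulated content such as the timestamp's TSTInfo, while `False` entries come from the surrounding CMS fields.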